Return-Path: X-Original-To: apmail-accumulo-notifications-archive@minotaur.apache.org Delivered-To: apmail-accumulo-notifications-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2A8AA1027A for ; Mon, 9 Sep 2013 21:52:53 +0000 (UTC) Received: (qmail 30892 invoked by uid 500); 9 Sep 2013 21:52:52 -0000 Delivered-To: apmail-accumulo-notifications-archive@accumulo.apache.org Received: (qmail 30866 invoked by uid 500); 9 Sep 2013 21:52:52 -0000 Mailing-List: contact notifications-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: jira@apache.org Delivered-To: mailing list notifications@accumulo.apache.org Received: (qmail 30845 invoked by uid 99); 9 Sep 2013 21:52:52 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Sep 2013 21:52:52 +0000 Date: Mon, 9 Sep 2013 21:52:51 +0000 (UTC) From: "Michael Berman (JIRA)" To: notifications@accumulo.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (ACCUMULO-1009) Support encryption over the wire MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/ACCUMULO-1009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13762354#comment-13762354 ] Michael Berman commented on ACCUMULO-1009: ------------------------------------------ WRT JSSE config, I wouldn't feel great about making the JSSE system properties be the only way to configure the accumulo client's SSL settings. It's JVM global, and accumulo clients may well make connections to multiple services or provide their own SSL server. Especially since I'm imagining the most common deployment will involve private roots, it seems overly restrictive to require the accumulo SSL config to be identical to the SSL config used across the entire client app. However, I do think it makes sense to optionally tell accumulo to use the JSSE config. I'll add that option. I'm working on separating AccumuloConfiguration from ClientConfiguration now, but they will have to cross paths at some point in the codebase, since accumulo services need to be able to make thrift connections to other accumulo services, and they will ultimately get their config from AccumuloConfiguration. Do you think it would make sense to have AccumuloConfiguration.getClientConfig()? Then, if we're in a context that does have an AccumuloConfiguration, we can access common code for creating connections, while contexts like ZooKeeperInstance need not know anything about it. > Support encryption over the wire > -------------------------------- > > Key: ACCUMULO-1009 > URL: https://issues.apache.org/jira/browse/ACCUMULO-1009 > Project: Accumulo > Issue Type: New Feature > Reporter: Keith Turner > Assignee: Michael Berman > Fix For: 1.6.0 > > Attachments: ACCUMULO-1009_thriftSsl.patch > > > Need to support encryption between ACCUMULO clients and servers. Also need to encrypt communications between server and servers. > Basically need to make it possible for users to enable SSL+thrift. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira